CEF

SyslogPro~ CEF

A class to work with HP CEF (Common Event Format) messages. This form of system messages are designed to work with security systems. Messages can be saved to file (Saving to file if not part of this module but a CEF formatted message produced by this module can be saved externally to it) or sent via Syslog. Most APIs will return a promise. These APIs can be used using `then(...)/catch(...)` A Syslog class with a configured Syslog server target can also be used as the input into the formatting classes so that it may run independently. The CEF format is designed to send event data to a SIEM system and should not be as a logging stream. This class is meant to be used once per message.

Constructor

new CEF(optionsopt)

Source:

index.js, line 1880

Version:

0.0.0

Since:

0.0.0

Construct a new CEF formatting object with user options

Parameters:

Name Type Attributes Description

options

object

<optional>

Options object

Properties

Name	Type	Attributes	Default	Description
`deviceVendor`	string	<optional>	`'unknown'`	The vendor of the system that generated the event being reported
`deviceProduct`	string	<optional>	`'unknown'`	The product name of the system that genrated the event being reported
`deviceVersion`	string	<optional>	`'unknown'`	The version name of the system that genrated the event being reported
`deviceEventClassId`	string	<optional>	`'unknown'`	The eventId of the system that genrated the event being reported
`name`	string	<optional>	`'unknown'`	Name of the service generating the notice
`severity`	string	<optional>	`'unknown'`	Severity of the notification
`extensions`	string	<optional>	`{}`	Any CEF Key=Value extensions
`server`	Syslog	<optional>	`false`	A Syslog server connection that should be used to send messages directly from this class. @see SyslogPro~Syslog

Requires:

module:moment

Requires

module:moment

Members

(private) constructor__

Source:

index.js, line 1903

deviceEventClassId :string

Source:

index.js, line 1912

Type:

string

deviceProduct :string

Source:

index.js, line 1908

Type:

string

deviceVendor :string

Source:

index.js, line 1906

Type:

string

deviceVersion :string

Source:

index.js, line 1910

Type:

string

extensions :object

Source:

index.js, line 1918

Type:

object

name :string

Source:

index.js, line 1914

Type:

string

(private) server

Source:

index.js, line 2080

severity :string

Source:

index.js, line 1916

Type:

string

Methods

buildMessage() → {Promise}

Source:

index.js, line 3321

Build a CEF formated string

Returns:

- String with formated message

Type: Promise

send(optionsopt)

Source:

index.js, line 3349

Parameters:

Name	Type	Attributes	Default	Description
`options`	Syslog	<optional>	`false`	A Syslog server connection that should be used to send messages directly from this class. @see SyslogPro~Syslog

validate() → {Promise}

Source:

index.js, line 2092

Validate this CEF object

Throws:

- First element to fail validation
Type Error

Returns:

- True if validated

Type: Promise